Privacy Policy

1. Introduction

Welcome to autosender.lol ("we", "us", or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using autosender.lol, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Discord Account Information: Your Discord user ID, username, discriminator, email address, and avatar (obtained through Discord OAuth)
• Session Data: Authentication tokens and session identifiers

2.2 Discord Automation Tokens

Critical Security Information: We collect Discord user tokens that you provide to enable message automation. These tokens are extremely sensitive and grant access to Discord accounts.

How we protect your tokens:

• Tokens are immediately encrypted using industry-standard AES-256-CBC encryption
• Encrypted tokens are stored in our secure database with salt-based key derivation
• Tokens are only decrypted in memory when actively sending messages
• Encryption keys are stored separately from the database in secure environment variables
• Our staff cannot view your plain-text tokens

2.3 Campaign and Message Data

We collect and store:

• Campaign names and configurations
• Message content you schedule for delivery
• Discord channel IDs you target
• Campaign execution status, delivery timestamps, and error logs
• Message delivery statistics (sent count, failed count)

2.4 Payment and Subscription Information

We collect:

• Sellauth Payment Records: Payment information processed through Sellauth. We do not handle or store payment card information directly
• Subscription Data: Plan type, subscription duration, start date, expiration date
• Usage Limit Records: Daily message limits granted, usage tracking, and limit reset dates
• Transaction History: Payment dates, amounts, and subscription changes processed through Sellauth

2.5 Usage Data

We automatically collect:

• IP addresses and device information
• Browser type and version
• Pages visited and features used
• Time and date of access
• Diagnostic and error logs

2.6 Cookies and Tracking

We use cookies and similar technologies for:

• Authentication and session management
• Security and fraud prevention
• Preference storage (theme settings, etc.)

3. How We Use Your Information

We use collected data to:

3.1 Provide the Service

• Create and manage your account
• Authenticate your identity
• Execute your scheduled message campaigns
• Send messages to Discord on your behalf using your provided tokens
• Monitor campaign status and handle errors
• Enforce rate limits and Discord API restrictions

3.2 Manage Subscriptions and Usage Limits

• Verify payment completion through Sellauth
• Grant subscription daily limits based on purchased plans
• Allocate and track daily message usage and consumption
• Manage subscription periods and daily limit resets
• Maintain transaction records for accounting and compliance

3.3 Improve and Secure the Service

• Monitor system performance and identify errors
• Detect and prevent fraud or abuse
• Analyze usage patterns to improve features
• Ensure compliance with our Terms of Service

3.4 Communicate With You

• Send service-related notifications (campaign failures, daily limit reached)
• Respond to support requests
• Send important updates about the Service or policy changes

4. How We Share Your Information

We do not sell your personal information. We may share your data in the following circumstances:

4.1 Third-Party Service Providers

• Discord: We send your message content to Discord using your provided tokens. Discord may collect and process this data according to their Privacy Policy.
• Database Hosting: Our database provider stores your encrypted data with appropriate security measures and access controls.
• Error Tracking: Diagnostic information and error logs may be collected for service improvement (no sensitive data such as tokens or payment information is included).

4.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety, or that of others
• Investigate fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Security

We implement robust security measures to protect your data:

5.1 Encryption

• Discord Tokens: Encrypted at rest using AES-256-CBC encryption with random initialization vectors for maximum security
• Data in Transit: All communications use TLS/SSL encryption (HTTPS)
• Database: Encrypted storage with role-based access controls and connection security

5.2 Access Controls

• Authentication required for all sensitive operations
• User isolation - you can only access your own data
• Limited staff access to production systems
• Audit logging of administrative actions

5.3 Operational Security

• Regular security updates and patches
• Monitoring for suspicious activity and unauthorized access attempts
• Automated backups with encryption
• Sellauth handles all payment processing and card information securely
• Environment-based configuration for sensitive keys and credentials

Important: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data. You use the Service at your own risk.

6. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active and for 30 days after account deletion (unless legally required to retain longer)
• Discord Tokens: Deleted immediately upon account deletion or token removal
• Campaign Data: Retained for 90 days after campaign deletion for audit purposes
• Transaction Records: Retained for 7 years for tax and accounting compliance
• Logs and Analytics: Retained for 90 days unless required for security investigations

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

• Request a copy of your personal data
• Export your campaign data and message history

7.2 Correction and Deletion

• Update or correct your account information
• Delete your Discord tokens at any time
• Request full account deletion

7.3 Objection and Restriction

• Object to certain data processing activities
• Restrict processing of your data in certain circumstances

7.4 Withdrawal of Consent

You may withdraw consent for data processing at any time by deleting your account or specific data (e.g., Discord tokens). Note that this may prevent you from using certain features.

To exercise these rights, please open a support ticket in our Discord server.

8. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights:

8.1 Legal Basis for Processing

We process your data based on:

• Contract Performance: To provide the Service you've subscribed to
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Consent: For optional features or marketing (where applicable)
• Legal Obligation: To comply with tax, accounting, and legal requirements

8.2 Data Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Using service providers that comply with GDPR requirements

8.3 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

9. CCPA Compliance (California Users)

If you are a California resident, you have specific rights under the CCPA:

• Right to know what personal information we collect and how it's used
• Right to delete your personal information (subject to legal exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please open a support ticket in our Discord server. We will respond within 45 days.

10. Children's Privacy

Our Service is not intended for users under 13 years of age (as per Discord compliance). We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it immediately.

If you believe we have collected information from a child, please contact us immediately.

11. International Users

Our Service is operated from Sweden. If you access the Service from outside this jurisdiction, your data may be transferred to and processed in Sweden, which may have different data protection laws than your country of residence.

By using the Service, you consent to the transfer and processing of your data in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this page
• Posting a notice on our website
• Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by opening a support ticket in our Discord server:

• Discord Support: Join our Discord server and open a ticket in the support channel for assistance
• Website: https://autosender.lol

For data subject access requests or privacy concerns, please mention "Privacy Request" in your Discord ticket. We will respond within 30 days.